Drop user tokens table

2024-02-28 20:59:34 +00:00 · 2024-02-28 20:59:34 +00:00 · 29cc21c599
commit 29cc21c599
parent fa55f3878a
10 changed files with 10 additions and 137 deletions
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@ -112,8 +112,6 @@ class ApiController < ApplicationController
      # authenticate per-scheme
      self.current_user = if username.nil?
                            nil # no authentication provided - perhaps first connect (client should retry after 401)
-                          elsif username == "token"
-                            User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth
                          else
                            User.authenticate(:username => username, :password => passwd) # basic auth
                          end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -44,8 +44,6 @@ class ApplicationController < ActionController::Base
          redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
        end
      end
-    elsif session[:token]
-      session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
    end

    session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@ -15,10 +15,7 @@ class ConfirmationsController < ApplicationController

  def confirm
    if request.post?
-      token = params[:confirm_string]
-
-      user = User.find_by_token_for(:new_user, token) ||
-             UserToken.unexpired.find_by(:token => token)&.user
+      user = User.find_by_token_for(:new_user, params[:confirm_string])

      if !user
        flash[:error] = t(".unknown token")
@ -34,7 +31,6 @@ class ConfirmationsController < ApplicationController
        flash[:notice] = gravatar_status_message(user) if gravatar_enable(user)
        user.save!
        referer = safe_referer(params[:referer]) if params[:referer]
-        UserToken.delete_by(:token => token)

        pending_user = session.delete(:pending_user)

@ -70,10 +66,7 @@ class ConfirmationsController < ApplicationController

  def confirm_email
    if request.post?
-      token = params[:confirm_string]
-
-      self.current_user = User.find_by_token_for(:new_email, token) ||
-                          UserToken.unexpired.find_by(:token => params[:confirm_string])&.user
+      self.current_user = User.find_by_token_for(:new_email, params[:confirm_string])

      if current_user&.new_email?
        current_user.email = current_user.new_email
@ -89,7 +82,6 @@ class ConfirmationsController < ApplicationController
        else
          flash[:errors] = current_user.errors
        end
-        current_user.tokens.delete_all
        session[:user] = current_user.id
        session[:fingerprint] = current_user.fingerprint
      elsif current_user
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -19,8 +19,7 @@ class PasswordsController < ApplicationController
    @title = t ".title"

    if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])

      if current_user.nil?
        flash[:error] = t ".flash token bad"
@ -53,8 +52,7 @@ class PasswordsController < ApplicationController

  def update
    if params[:token]
-      self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
-                          UserToken.unexpired.find_by(:token => params[:token])&.user
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])

      if current_user
        if params[:user]
@ -64,7 +62,6 @@ class PasswordsController < ApplicationController
          current_user.email_valid = true

          if current_user.save
-            UserToken.delete_by(:token => params[:token])
            session[:fingerprint] = current_user.fingerprint
            flash[:notice] = t ".flash changed"
            successful_login(current_user)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -57,7 +57,6 @@ class User < ApplicationRecord
  has_many :muted_messages, -> { where(:to_user_visible => true, :muted => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :to_user_id
  has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) }
  has_many :friends, :through => :friendships, :source => :befriendee
-  has_many :tokens, :class_name => "UserToken", :dependent => :destroy
  has_many :preferences, :class_name => "UserPreference"
  has_many :changesets, -> { order(:created_at => :desc) }, :inverse_of => :user
  has_many :changeset_comments, :foreign_key => :author_id, :inverse_of => :author
@ -165,9 +164,6 @@ class User < ApplicationRecord
      else
        user = nil
      end
-    elsif options[:token]
-      token = UserToken.find_by(:token => options[:token])
-      user = token.user if token
    end

    if user &&
@ -177,8 +173,6 @@ class User < ApplicationRecord
      user = nil
    end

-    token.update(:expiry => 1.week.from_now) if token && user
-
    user
  end

--- a/app/models/user_token.rb
+++ b/app/models/user_token.rb
@ -1,38 +0,0 @@
-# == Schema Information
-#
-# Table name: user_tokens
-#
-#  id      :bigint(8)        not null, primary key
-#  user_id :bigint(8)        not null
-#  token   :string           not null
-#  expiry  :datetime         not null
-#  referer :text
-#
-# Indexes
-#
-#  user_tokens_token_idx    (token) UNIQUE
-#  user_tokens_user_id_idx  (user_id)
-#
-# Foreign Keys
-#
-#  user_tokens_user_id_fkey  (user_id => users.id)
-#
-
-class UserToken < ApplicationRecord
-  belongs_to :user
-
-  scope :unexpired, -> { where("expiry >= now()") }
-
-  after_initialize :set_defaults
-
-  def expired?
-    expiry < Time.now.utc
-  end
-
-  private
-
-  def set_defaults
-    self.token = OSM.make_token if token.blank?
-    self.expiry = 1.week.from_now if expiry.blank?
-  end
-end
--- a/db/migrate/20240228205723_drop_user_tokens.rb
+++ b/db/migrate/20240228205723_drop_user_tokens.rb
@ -0,0 +1,5 @@
+class DropUserTokens < ActiveRecord::Migration[7.1]
+  def up
+    drop_table :user_tokens
+  end
+end
--- a/db/structure.sql
+++ b/db/structure.sql
@ -1532,38 +1532,6 @@ CREATE SEQUENCE public.user_roles_id_seq
 ALTER SEQUENCE public.user_roles_id_seq OWNED BY public.user_roles.id;


--
-- Name: user_tokens; Type: TABLE; Schema: public; Owner: -
--
-
-CREATE TABLE public.user_tokens (
-    id bigint NOT NULL,
-    user_id bigint NOT NULL,
-    token character varying NOT NULL,
-    expiry timestamp without time zone NOT NULL,
-    referer text
-);
-
-
--
-- Name: user_tokens_id_seq; Type: SEQUENCE; Schema: public; Owner: -
--
-
-CREATE SEQUENCE public.user_tokens_id_seq
-    START WITH 1
-    INCREMENT BY 1
-    NO MINVALUE
-    NO MAXVALUE
-    CACHE 1;
-
-
--
-- Name: user_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
--
-
-ALTER SEQUENCE public.user_tokens_id_seq OWNED BY public.user_tokens.id;
-
-
 --
 -- Name: users; Type: TABLE; Schema: public; Owner: -
 --
@ -1882,13 +1850,6 @@ ALTER TABLE ONLY public.user_mutes ALTER COLUMN id SET DEFAULT nextval('public.u
 ALTER TABLE ONLY public.user_roles ALTER COLUMN id SET DEFAULT nextval('public.user_roles_id_seq'::regclass);


--
-- Name: user_tokens id; Type: DEFAULT; Schema: public; Owner: -
--
-
-ALTER TABLE ONLY public.user_tokens ALTER COLUMN id SET DEFAULT nextval('public.user_tokens_id_seq'::regclass);
-
-
 --
 -- Name: users id; Type: DEFAULT; Schema: public; Owner: -
 --
@ -2280,14 +2241,6 @@ ALTER TABLE ONLY public.user_roles
    ADD CONSTRAINT user_roles_pkey PRIMARY KEY (id);


--
-- Name: user_tokens user_tokens_pkey; Type: CONSTRAINT; Schema: public; Owner: -
--
-
-ALTER TABLE ONLY public.user_tokens
-    ADD CONSTRAINT user_tokens_pkey PRIMARY KEY (id);
-
-
 --
 -- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@ -2901,20 +2854,6 @@ CREATE INDEX user_id_idx ON public.friends USING btree (friend_user_id);
 CREATE UNIQUE INDEX user_roles_id_role_unique ON public.user_roles USING btree (user_id, role);


--
-- Name: user_tokens_token_idx; Type: INDEX; Schema: public; Owner: -
--
-
-CREATE UNIQUE INDEX user_tokens_token_idx ON public.user_tokens USING btree (token);
-
-
--
-- Name: user_tokens_user_id_idx; Type: INDEX; Schema: public; Owner: -
--
-
-CREATE INDEX user_tokens_user_id_idx ON public.user_tokens USING btree (user_id);
-
-
 --
 -- Name: users_auth_idx; Type: INDEX; Schema: public; Owner: -
 --
@ -3490,14 +3429,6 @@ ALTER TABLE ONLY public.user_roles
    ADD CONSTRAINT user_roles_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);


--
-- Name: user_tokens user_tokens_user_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
--
-
-ALTER TABLE ONLY public.user_tokens
-    ADD CONSTRAINT user_tokens_user_id_fkey FOREIGN KEY (user_id) REFERENCES public.users(id);
-
-
 --
 -- Name: way_nodes way_nodes_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@ -3581,6 +3512,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('23'),
 ('22'),
 ('21'),
+('20240228205723'),
 ('20240117185445'),
 ('20231213182102'),
 ('20231206141457'),
--- a/script/cleanup
+++ b/script/cleanup
@ -2,7 +2,6 @@

 require File.join(File.dirname(__FILE__), "..", "config", "environment")

-UserToken.where("expiry < NOW()").delete_all
 OauthNonce.where("timestamp < EXTRACT(EPOCH FROM NOW() - INTERVAL '1 day')").delete_all
 OauthToken.where("invalidated_at < NOW() - INTERVAL '28 days'").delete_all
 RequestToken.where("authorized_at IS NULL AND created_at < NOW() - INTERVAL '28 days'").delete_all
--- a/test/models/user_token_test.rb
+++ b/test/models/user_token_test.rb
@ -1,4 +0,0 @@
-require "test_helper"
-
-class UserTokenTest < ActiveSupport::TestCase
-end